Typical end-user computing environments, including those in the enterprise, small-and-medium businesses, and in consumer homes, are increasing in size and complexity. Given the increased capabilities of these systems, it is not uncommon for a “standard” commercial off-the-shelf (COTS) computer system to be used in critical infrastructure or as a client that accesses sensitive data.
As operating systems and client applications become more complex, new opportunities are made available for malicious software such as spyware and rootkits to compromise the systems and, in some instances, propagate quickly across the network. It is not surprising that incidents of information theft and misuse are on the rise.
Many of these information thefts result from an operating system that simply cannot be trusted. Malicious code can easily “hook” into the kernel of an operating system, resulting in a highly privileged and mal-intentioned environment that plays host to all applications on the system. As a result malicious attacks are no longer random and are often intended specifically for data theft. Policies that govern access to sensitive information and/or restricted resources are often compromised because they are specified and enforced using the same environment in which the malware lives. Finally, from an operational perspective, there is no visibility into inadvertently leaked confidential data and few tools exist to help administrators enforce security and privacy policies and restrictions on confidential information.